hxxps://embeds[.]beehiiv[.]com/234b19fc-0c8b-4504-8421-cf8c4ed4bab7

Analysis

max time kernel
600s
max time network
569s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09/04/2024, 11:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://embeds.beehiiv.com/234b19fc-0c8b-4504-8421-cf8c4ed4bab7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571361975172492"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
920	chrome.exe
920	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
920	chrome.exe
920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 2896	920	chrome.exe	74
PID 920 wrote to memory of 2896	920	chrome.exe	74
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 704	920	chrome.exe	76
PID 920 wrote to memory of 4772	920	chrome.exe	77
PID 920 wrote to memory of 4772	920	chrome.exe	77
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78
PID 920 wrote to memory of 4252	920	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://embeds.beehiiv.com/234b19fc-0c8b-4504-8421-cf8c4ed4bab7
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc54719758,0x7ffc54719768,0x7ffc54719778
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1772,i,12289626943133426748,3206627811867732840,131072 /prefetch:2
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1772,i,12289626943133426748,3206627811867732840,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1772,i,12289626943133426748,3206627811867732840,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1772,i,12289626943133426748,3206627811867732840,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1772,i,12289626943133426748,3206627811867732840,131072 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1772,i,12289626943133426748,3206627811867732840,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1772,i,12289626943133426748,3206627811867732840,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 --field-trial-handle=1772,i,12289626943133426748,3206627811867732840,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2413c6f3b086ee0a0d08e3af517d8fd4

SHA1
54e72449837d20bd100a0f7f4d60e1c6e7dcd39f

SHA256
21907b845f311c5bd6aae7cd462a48f95fe44a07b4cd3a94663b64cb0986c707

SHA512
86a38e432883d5eed217163e1a424eb31a79ae2c89ce2f535a3dfb31857f52f1c1e5fe4dce29039a9cc128f1f64fcb0777f37d603680fcc18cf2079865bfce27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
558ce9d2250137a2025185da1b75cd6e

SHA1
34843bdce69a1ad3ca6fd5e31f5b01eba712dbf0

SHA256
a8007daa18f4efe526165490669dcd2774eab6346c4a0267041a0d511d30c8a9

SHA512
efa6f7b087aee308c77473f68667503443c6bc50730803e2bc7cbceb36e37df86147b875cc5743b3b2508cc3cd8f51ba4267f7fbf97c1af917bee10915305eda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
21efe955c6a567d5aa38a1808d11e8cd

SHA1
1562274125c4d14dfe72f07883f33f9b5562cf3d

SHA256
a1efc5256779c3bbb6c9a118e7bfd9a8cefc21965a8c95f536252c9acc679b68

SHA512
87cf456c05b043772d35b57552d4fa31197b50f799db890ad9f80aa62edd121039576190d3ad4143e206ff308610f91a475501df75feab7a157385686f8371dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9f50536ff70c1be0d6231a9680e4a183

SHA1
9c36fd6b227de49fb23bdcc3af854f1752dc60ce

SHA256
7abb87890e22e5c8a91f87fee482b87d379842a863a01af86ad50beb464ea697

SHA512
41344b494bf704147fb3028aaac8d4c79a976c2d116ae3ed33f9562a872244fddf06afa44042dfd35489aff14c9e76fb010fc84cf5ea8756068fda1f3d1f8c25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
d4c8f5c160c45be63d0f0a8eab98b873

SHA1
6f6e17825809aa8fe475230d62663a0f9fe2ea13

SHA256
c36869982a4d452f0d5eaee0e9581f5032ef2c5d342bc0f788d35e408f9a315c

SHA512
bd3e4b9fba84db3109dba005a6c711e47bcb27e4db3e95a66f050a065bc70ca15bd125bdfe01abfeebef7c7eab69989e720e54001bf8e1cbdcfa219aa73c3880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
12f51efa668552926d48611cfa2d9dfc

SHA1
533b3f71653f772f437a4c0965104c4fc40647b6

SHA256
cc1f25fd2fa650e47f326c5b02ca5714d1fff9d72d31c7e693fda8930e10e98f

SHA512
472b256a09b3891df5cbb0a60e92b1fe5d1ca328f1eeed83e8c72a0c6350e4548efca28bcf7e259afc1e7a55c00ed3ec54f942fb94dee27526068155ee6274eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0169da100b003832bccdd372a17a8294

SHA1
8c28d3314a0e668ff3f6e199a0c1eedf1424561d

SHA256
975ad80853a123eeacdfce495df041255b1f2e246a1d10a93073becbebad57b3

SHA512
7bcdf8e9f7c111dececa6f095b708511bbd828735dc007f127ab6d5a47fff601316b4f771647b89e834157bd0898f36c9e4583d037f53f2df5c9e2590378d594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
171715fde141b9dd0cede0039ec95d20

SHA1
5f58d25583c77da5f40fb4517f427736567836a2

SHA256
78a5e097b8a32d9a912b6f888579a30147954644487dd16d63070df3cf4243f9

SHA512
231a8c3ad58b90a573407636014205b5cf517c4a0cd4d86039a74e3497479a4f2a87e489c17c032c6d968446027e2a6aae9bb95b687304a1df37bec1722319eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
836d59b24bcb2e3ac81a52ef5f4bc024

SHA1
79625096e06d476b0f812716434ad5f9dda367d0

SHA256
8d76702ad83ce106347039fc50ed461e5e3f7eaee1f72d6d3edd9663d045c1c0

SHA512
d95325e23871739dcfb9978507ffa2105337d87d9abebd8712f532f4726fed558f2cb9a661749c2db50ce313d5da4d3e750af06a0dbe1c7dff55961481481b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
bcd4a719713ae62849a3dc8e588ae8da

SHA1
1a0a64025f5ec679ffca6831d160f15b38777f0c

SHA256
3d94deccb2d709c5e55978e88950c62880a646401a5e0634e5f00d4f3aa6b05f

SHA512
5cce348daf9e09f44e74ef7d789227daafad1651e4895cb05811c667b5885fe6fca0c44558134ca03d7c2372242ade8c766a70350a889082db26cf5e8896dc42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit